An Israeli private detective has pleaded guilty to involvement in a hacker-for-hire scheme used to target journalists and critics of Wirecard, the disgraced German fintech.
This first successful prosecution following Wirecard’s 2020 collapse highlights an underworld of hacking services used with impunity by a wide range of companies and rich individuals.
Aviram Azari pleaded guilty in a New York court this week to charges of wire fraud, conspiracy to commit hacking and aggravated identity theft. His lawyer told Reuters that Azari had admitted wrongdoing as a middleman in the hacking scheme, but was not co-operating with prosecutors, and that the charges related to work for Wirecard.
Federal prosecutors said that between 2014 and 2019 Azari was involved in a conspiracy to target unnamed companies in New York using phishing emails to steal passwords.
The case relates to a long-running federal investigation into an alleged Indian hacking group called BellTroX InfoTech Services, according to people familiar with the probe.
The extent of BellTrox’s alleged operations was described in a 2020 report by Citizen Lab, part of the University of Toronto’s Munk School. It said that “spear phishing” emails tied to more than 28,000 personalised web pages were created by hackers attempting to steal passwords from advocacy groups, journalists, elected officials, lawyers, hedge funds and companies. BellTroX has previously denied involvement in hacking.
A prolonged attack on Matt Earl, a UK investor critical of Wirecard, helped Citizen Lab map the hacker’s shifting tactics.
“Each day for three-plus years Aviram tried to hack me, undoubtedly at the behest of Wirecard,” Earl said. He added that he spoke to the US justice department as a witness in 2018, and that “it’s tremendously satisfying to finally see justice being served”.
Hedge funds, researchers and journalists at the Financial Times and Reuters who wrote about Wirecard were also targeted by hackers with elaborate personalised emails.
John Scott Railton, lead researcher on the project at Citizen Lab, said the case exposed an ecosystem of hacking and the US Department of Justice now faced a critical test: “will [any] American corporations that paid [Azari] face justice? What we need is for the law firms, the PR firms, the crisis management firms to feel the consequences.”
One large group of targeted individuals and organisations identified by Citizen Lab were involved in environmental issues and had campaigned against ExxonMobil, the US oil producer. They included the Rockefeller Family Fund, the Climate Investigations Center, Greenpeace, the Conservation Law Foundation and the Union of Concerned Scientists. Exxon has said it had “no knowledge of, or involvement in, the hacking activities”.
Former Wirecard executives have not been accused of wrongdoing in connection to the hacking, and the identities of the people who authorised and paid for the multiyear operation are not known. Jan Marsalek, Wirecard’s chief operating officer, remains a fugitive from justice who the German authorities believe to be hiding in Moscow.
German criminal trials are expected to start later this year for three former Wirecard executives, including chief executive Markus Braun who is charged with fraud, breach of trust, account rigging and market manipulation. He has denied wrongdoing.